Local Privilege Escalation Vulnerability in Avast Cleanup Premium
CVE-2024-7230

7.8HIGH

Key Information:

Vendor

Avast

Status
Cleanup Premium
Vendor
CVE Published:
22 November 2024

What is CVE-2024-7230?

A local privilege escalation vulnerability exists within Avast Cleanup Premium that allows local attackers to escalate privileges on affected installations. By leveraging a flaw in the Avast Cleanup Service, an attacker can create a symbolic link to exploit the service and delete files. This exploitation enables the attacker to gain elevated privileges and execute arbitrary code in the context of the SYSTEM account, posing significant security risks to users.

References

https://www.zerodayinitiative.com/advisories/ZDI-24-1000/

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.
CVE-2024-7230 : Local Privilege Escalation Vulnerability in Avast Cleanup Premium